api: set session cookie

Victor Costa · Rodrigo Souto
1 parent 5a875c90
Showing 3 changed files with 8 additions and 2 deletions Show diff stats
lib/noosfero/api/api.rb
lib/noosfero/api/helpers.rb
lib/noosfero/api/session.rb
@@ -10,6 +10,7 @@ module Noosfero
       before { setup_multitenancy }
       before { detect_stuff_by_domain }
       after { end_log }
+      after { set_session_cookie }
       version 'v1'
       prefix "api"
@@ -9,7 +9,7 @@ module Noosfero
       end
       def current_user
-        private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s if params
+        private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token'] || cookies['_noosfero_api_session']).to_s if params
         @current_user ||= User.find_by_private_token(private_token)
         @current_user = nil if !@current_user.nil? && @current_user.private_token_expired?
         @current_user
@@ -146,7 +146,11 @@ module Noosfero
         render_api_error!(messages.join(','), 400)
       end
       protected
-  
+
+      def set_session_cookie
+        cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+      end
+
       def start_log
         logger.info "Started #{request.path} #{request.params.except('password')}"
       end
@@ -16,6 +16,7 @@ module Noosfero
         return unauthorized! unless user
         user.generate_private_token!
+        @current_user = user
         present user, :with => Entities::UserLogin
       end
	@@ -10,6 +10,7 @@ module Noosfero		@@ -10,6 +10,7 @@ module Noosfero
10	before { setup_multitenancy }	10	before { setup_multitenancy }
11	before { detect_stuff_by_domain }	11	before { detect_stuff_by_domain }
12	after { end_log }	12	after { end_log }
		13	+ after { set_session_cookie }
13		14
14	version 'v1'	15	version 'v1'
15	prefix "api"	16	prefix "api"
	@@ -16,6 +16,7 @@ module Noosfero		@@ -16,6 +16,7 @@ module Noosfero
16		16
17	return unauthorized! unless user	17	return unauthorized! unless user
18	user.generate_private_token!	18	user.generate_private_token!
		19	+ @current_user = user
19	present user, :with => Entities::UserLogin	20	present user, :with => Entities::UserLogin
20	end	21	end
21		22